package com.ld.admin.shiro.filter;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.catalina.User;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.util.WebUtils;

import com.ld.admin.shiro.ShiroUtils;
import com.ld.shieldsb.common.web.tag.model.TokenModel;
import com.ld.shieldsb.common.web.util.Web;

import lombok.extern.slf4j.Slf4j;

@Slf4j
public class TokenCheckFilter extends UserFilter {

    /**
     * token过期、失效
     */
    private static final String TOKEN_EXPIRED_URL = "/api/auth/tokenExpired";

    /**
     * 判断是否拥有权限 true:认证成功 false:认证失败 mappedValue 访问该url时需要的权限 subject.isPermitted 判断访问的用户是否拥有mappedValue权限
     */
    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        TokenModel csrfToken = (TokenModel) httpRequest.getSession().getAttribute(Web.Attr.SESSION_TOKEN_KEY); //
        if (csrfToken != null) {
            String paramterName = csrfToken.getParameterName();
            String tokenVal = httpRequest.getParameter(paramterName);
            // 根据请求头拿到token
            if (tokenVal == null) {
                tokenVal = httpRequest.getHeader(paramterName);
            }
            // 检查token是否过期
            if (!csrfToken.getToken().equals(tokenVal)) {
                return false;
            }
        }
        return true;
    }

    /**
     * 认证失败回调的方法: 如果登录实体为null就保存请求和跳转登录页面,否则就跳转无权限配置页面
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
        User userInfo = ShiroUtils.getUserInfo();
        // 重定向错误提示处理 - 前后端分离情况下
        WebUtils.issueRedirect(request, response, TOKEN_EXPIRED_URL);
        return false;
    }

}